One of the companies we work with has 192.168 addresses for some of the RADIUS servers we have to talk to; we are directly connected to them so it's not a big pain, but it's just so ugly...

That makes perfect sense to me...there is not a better way to protect a box from a DoS/hack than to only give it a private address. Why expose a box to the outside world if there is not a need???
Deron,
Ever heard of an access list? Didn't think so.
These are single hosts on private networks we are talking about here, not routers. If their only contact with the outside is through direct connections, I can't see a good reason to waste a globally routable address on them. Access-lists are not a panacea; proper host security is not excused by securing the network. If the router itself is compromised and the access-lists are dumped, if you have a routable address you are SOL for protection. I am not suggesting that having a private address is adequate host security obviously, but it certainly doesn't hurt.

Aside from offending the aesthetic sensibilities of a few network engineers, there has been no convincing argument as to why an internal host with a few trusted direct connections should have a globally unique address. I can think of lots of reasons why a router on a public network *should* have a legal address; I just don't see how that applies in this case. And I am sure that you can find lots of better reasons to flame BellSouth.

Best regards and Happy Holidays!

Geoff Zinderdine
Network Flunkey-at-Large
Deron J. Ringen
Sr. Network Architect
BellSouth Internet Services
Typical.
---
John Fraizer
EnterZone, Inc